Museum Security

Read Time:1 Minute, 2 Second

Interesting interview:

Banks don’t take millions of dollars and put them in plastic bags and hang them on the wall so everybody can walk right up to them. But we do basically the same thing in museums and hang the assets right out on the wall. So it’s our job, then, to either use technology or develop technology that protects the art, to hire honest guards that are trainable and able to meet the challenge and alert and so forth. And we have to keep them alert because it’s the world’s most boring job. It might be great for you to go to a museum and see it for a day, but they stand in that same gallery year after year, and so they get mental fatigue. And so we have to rotate them around and give them responsibilities that keep them stimulated and keep them fresh.

It’s a challenge. But we try to predict the items that might be most vulnerable. Which are not necessarily most valuable; some things have symbolic significance to them. And then we try to predict what the next targets might be and advise our clients that they maybe need to put special security on those items.

Read More

CVE-2020-23648

Read Time:9 Second

Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.

Read More

Alarming attacks on Internet of Medical Things (IoMT)

Read Time:2 Minute, 18 Second

This blog was written by an independent guest blogger.

The impact of ransomware attacks on healthcare is as alarming as it is under-addressed.  The United States healthcare system alone faces an annual burden of nearly $21 billion due to these attacks. It pays well over $100 million in ransoms, and is beginning to acknowledge the tragic realities of impacted patient care, including higher patient mortality rates. For every headline related to cyberattacks, there are likely hundreds more that go unreported.

In a study released in 2021, IoT/IoMT devices were revealed to be the attack vector for 21% of ransomware attacks.  In May 2022, CISA Senior Advisor Joshua Corman further documented the rising risks during a Senate HELP Committee hearing.

And in August 2022, the Ponemon Institute and Ivanti’s partner Cynerio teamed to dive even deeper into the impact of insecure medical devices on hospitals and patients in their Insecurity of Connected Devices in Healthcare 2022 report.  Statistics from the report show:

43% of respondents experienced at least one ransomware attack.
88% of cyberattacks involve an IoMT device.
The average data breach cost is well over $1 million.
Tragically, 24% of attacks result in increased mortality rates.

Seven out of ten respondents (71%) believe that very high security risks are created by these otherwise overwhelmingly beneficial marvels of modern medicine. Recognition of risk is a step in the right direction, although it is unfortunately more of a talking point than one of action.

Over half (54%) of respondents did not report senior management requiring assurances of properly addressed IoT/IoMT device risk. Even more concerning, two thirds (67%) don’t believe their devices are being patched in a timely manner – the most basic, widely accepted and often required action for nearly any healthcare environment.

The current landscape of most hospitals – battling an epidemic with exhausted staff, strained resources, limited cybersecurity expertise and massive bullseyes – makes them easy targets.  A consolidated effort to improve hospital security is needed; AT&T, in partnership with Ivanti Neurons for Healthcare, offers specific solutions to support risk reduction through actionable guidance.  

Reports demonstrate before-and-after security status, reflecting the improvements gained by taking action.  Network segmentation recommendations integrate with existing NAC solutions, adding intelligence and visibility to the process. Dashboards quantify risks by device, manufacturer, hardware type, and OS, providing a strategy to fight cybercriminals who leave morbid results in their ceaseless drive for ransoms.

In as little as five days, a proof of value engagement will demonstrate a reduction in risk for your healthcare organization. For more information about Ivanti Neurons for Healthcare, and how it can be part of a unified security approach with AT&T Cybersecurity visit us. There’s also a nice e-book available to learn more.

Read More